CVE-2004-1977
Description
A remote Nessus scan in safeChecks mode crashes the 3Com NBX VOIP NetSet Configuration Manager via its embedded web server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the 3Com NBX IP VOIP NetSet Configuration Manager, which runs a Virata-EmWeb/R6_0_3 web server on a VxWorks real-time operating system. Affected versions include all deployments of the 3Com SuperStack 3 NBX and NBX 100 networked telephony solutions. The web server is used for remote administration and individual phone configuration. Sending a standard Nessus vulnerability scan in safeChecks mode triggers a failure in input validation, causing the server to crash [1].
Exploitation
An attacker with network access to the NetSet web interface can cause a denial of service by simply running a Nessus scan in safeChecks mode. No authentication or special privileges are required; the scan sends a sequence of web queries that the server mishandles, leading to a crash. The attacker does not need to craft custom packets—standard safeChecks probes are sufficient [1].
Impact
Successful exploitation results in a denial of service: the Virata-EmWeb server crashes, making the NetSet Configuration Manager unavailable. This disrupts administrative functions (e.g., backup, reboot, configuration) and individual phone user features (speed dial, call forwarding). The telephone service itself may continue operating on the underlying VxWorks platform, but management and user self-service become inaccessible until the server is restarted [1].
Mitigation
As of the original disclosure (April 2004), no fix or workaround was provided by 3Com. The vendor was notified but did not respond. No patch or updated version has been identified in the available references. Users should restrict network access to the NetSet web interface (e.g., firewall rules, VLAN segmentation) to limit exposure to untrusted scanners [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
References (6)
News mentions (0)
No linked articles in our index yet.